Work System · Work System E-Commerce · CVE-2007-1423
**Name of the Vulnerable Software and Affected Versions**
WORK system e-commerce versions 3.0.5 and earlier
**Description**
The issue allows remote attackers to execute arbitrary PHP code. This can be achieved by providing a URL in the `g include` parameter to certain PHP scripts, such as `include/include top.php`.
**Recommendations**
For versions 3.0.5 and earlier, consider restricting access to the `g include` parameter in the affected PHP scripts until a patch is available. As a temporary workaround, disabling the inclusion of remote files via the `include/include top.php` script may help minimize the risk of exploitation.